audit.log

- audit trail file

Synopsis

#include <bsm/audit.h>

#include <bsm/audit_record.h>

Description

audit.log files are the depository for audit records stored locally or on
an NFS-mounted audit server. These files are kept in directories
named in the file audit_control(4) using the dir option. They are named
to reflect the time they are created and are, when possible, renamed
to reflect the time they are closed as well. The name takes
the form

when properly closed. yyyy is the year, mm the month, dd day
in the month, hh hour in the day, mm minute in the
hour, and ss second in the minute. All fields are of fixed
width.
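The following is an added example, not part of the original manual page: it checks a listing of audit file names for malformed names, older files that were never closed, and time gaps between consecutive files. It assumes the name forms `<start>.<end>.<hostname>` for a closed file and `<start>.not_terminated.<hostname>` for an open or uncleanly closed one, with timestamps in the field order given above; the one-second gap tolerance, the host name and the file names are constructed.

```python
import re
from datetime import datetime
# Assumed name forms (the form itself is not spelled out in the text above):
#   <start>.<end>.<hostname>            properly closed
#   <start>.not_terminated.<hostname>   still open, or closed uncleanly
NAME_RE = re.compile(r"^(\d{14})\.(\d{14}|not_terminated)\.(.+)$")
FMT = "%Y%m%d%H%M%S"  # yyyymmddhhmmss, all fields fixed width

# Constructed sample listing for a hypothetical host "hostA".
SAMPLE = [
    "20240101000000.20240101120000.hostA",
    "20240101120000.not_terminated.hostA",   # older file never closed
    "20240101130500.20240102000000.hostA",
    "20240102010000.not_terminated.hostA",   # gap before it; newest, so may be open
    "2024010200.20240102010000.hostA",       # timestamp not fixed width
]

def parse_name(name):
    """Return (start, end_or_None, host), or None if the name is malformed."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        start = datetime.strptime(m.group(1), FMT)
        end = None if m.group(2) == "not_terminated" else datetime.strptime(m.group(2), FMT)
    except ValueError:  # 14 digits that are not a valid date and time
        return None
    return start, end, m.group(3)

def check_trail(names, max_gap_seconds=1):
    """Flag malformed names, older files left unclosed, and time gaps per host."""
    findings, by_host = [], {}
    for name in names:
        parsed = parse_name(name)
        if parsed is None:
            findings.append(("malformed", name))
        else:
            by_host.setdefault(parsed[2], []).append((parsed[0], parsed[1], name))
    for files in by_host.values():
        files.sort(key=lambda f: f[0])
        for (start, end, name), nxt in zip(files, files[1:]):  # all but the newest
            if end is None:
                findings.append(("not_terminated", name))
            elif (nxt[0] - end).total_seconds() > max_gap_seconds:
                findings.append(("gap", name))
    return findings

if __name__ == "__main__":
    for kind, name in check_trail(SAMPLE):
        print(kind, name)
```

A `gap` finding names the file after which time is unaccounted for; the newest file per host is never flagged as `not_terminated`, since it may simply still be open.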

Audit data is generated in the binary format described below; the default
for Solaris audit is binary format. See audit_syslog(5) for an alternate data format.

The audit.log file begins with a standalone file token and typically ends with
one also. The beginning file token records the pathname of the previous audit
file, while the ending file token records the pathname of the next audit file.
If the file name is NULL, the appropriate path was unavailable.

The audit.log files contain audit records. Each audit record is made up
of audit tokens. Each record contains a header token followed by various data
tokens. Depending on the audit policy set with auditon(2), other optional
tokens such as trailers or sequences may be included.